package com.william.springsecurity.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/product")
public class ProductController {

    //@Secured({"ROLE_PRODUCT","ROLE_ADMIN"})//springSecurity内部制定的注解
    //@RolesAllowed({"ROLE_PRODUCT","ROLE_ADMIN"})//jsr250注解
//    @PreAuthorize("hasRole('ROLE_admin')")
//    @PreAuthorize("hasPermission('ROLE_admin')")
    @PreAuthorize("hasRole('admin')")
    @GetMapping("/findAll")
    public String findAll(){
        return "产品列表查询成功！";
    }

    @PreAuthorize("hasRole('aa')")
    @GetMapping(value = "/getAll")
    public String getAll(){
        return "另一个管理员";
    }

    @PreAuthorize("hasRole('user')")
    @GetMapping(value = "/getUser")
    public String getUser(){
        return "另一个管理员";
    }

}
